PIT: A Probe Into Internet of Things by Comprehensive Security Analysis

Sachidananda, Vinay; Bhairav, Suhas; Ghosh, Nirnay; Elovici, Yuval

doi:10.1109/trustcom/bigdatase.2019.00076

Cited by 6 publications

(2 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…SAST is an invaluable way of assessing the security of IoT but not the only one needed as it is meant to be complementary (but necessary) to the more traditional blackbox techniques used. Black-box methods used for vulnerability detection in IoT systems include, among others, fuzzing, taint-analysis, symbolic execution, homology analysis, and penetration testing [29][30][31][32][33]. In the remainder of this section, we discuss some of the latest scientific work conducted on these methods.…”

Section: Assessing the Security Of Iot Softwarementioning

confidence: 99%

A Software Vulnerability Management Framework for the Minimization of System Attack Surface and Risk

et al. 2023

View full text Add to dashboard Cite

Current Internet of Things (IoT) systems comprise multiple software systems that are deployed to provide users with the required functionalities. System architects create system blueprints and draw specifications for the software artefacts that are needed; subsequently, either custom-made software is developed according to these specifications and/or ready-made COTS/open source software may be identified and customized to realize the overall system goals. All deployed software however may entail vulnerabilities, either due to insecure coding practices or owing to misconfigurations and unexpected interactions. Moreover, software artefacts may implement a much broader set of functionalities than may be strictly necessary for the system at hand, in order to serve a wider range of needs, and failure to appropriately configure the deployed software to include only the required modules results in the further increase of the system attack surface and the associated risk. In this paper, we present a software vulnerability management framework which facilitates (a) the configuration of software to include only the necessary features, (b) the execution of security-related tests and the compilation of platform-wide software vulnerability lists, and (c) the prioritization of vulnerability addressing, considering the impact of each vulnerability, the associated technical debt for its remediation, and the available security budget. The proposed framework can be used as an aid in IoT platform implementation by software architects, developers, and security experts.

show abstract

Section: Assessing the Security Of Iot Softwarementioning

confidence: 99%

A Software Vulnerability Management Framework for the Minimization of System Attack Surface and Risk

et al. 2023

View full text Add to dashboard Cite

show abstract

“…Most vulnerabilities can be traced to insecure coding practices by the software developers [21]. While much work has been published on IoT vulnerability analysis, most of it employs black-box approaches like penetration testing and fuzzing [22][23][24][25][26]. Little work has been published focusing on white-box testing of open-source software running on IoT devices, by examining the underlying source code and the vulnerabilities stemming from it.…”

Section: Introductionmentioning

confidence: 99%

On the Design of IoT Security: Analysis of Software Vulnerabilities for Smart Grids

et al. 2021

View full text Add to dashboard Cite

The 5G communication network will underpin a vast number of new and emerging services, paving the way for unprecedented performance and capabilities in mobile networks. In this setting, the Internet of Things (IoT) will proliferate, and IoT devices will be included in many 5G application contexts, including the Smart Grid. Even though 5G technology has been designed by taking security into account, design provisions may be undermined by software-rooted vulnerabilities in IoT devices that allow threat actors to compromise the devices, demote confidentiality, integrity and availability, and even pose risks for the operation of the power grid critical infrastructures. In this paper, we assess the current state of the vulnerabilities in IoT software utilized in smart grid applications from a source code point of view. To that end, we identified and analyzed open-source software that is used in the power grid and the IoT domain that varies in characteristics and functionality, ranging from operating systems to communication protocols, allowing us to obtain a more complete view of the vulnerability landscape. The results of this study can be used in the domain of software development, to enhance the security of produced software, as well as in the domain of automated software testing, targeting improvements to vulnerability detection mechanisms, especially with a focus on the reduction of false positives.

show abstract

A survey on IoT & embedded device firmware security: architecture, extraction techniques, and vulnerability analysis frameworks

Ul Haq,

Singh,

Sharma

et al. 2023

Discov Internet Things

View full text Add to dashboard Cite

IoT and Embedded devices grow at an exponential rate, however, without adequate security mechanisms in place. One of the key challenges in the cyber world is the security of these devices. One of the main reasons that these devices are active targets for large-scale cyber-attacks is a lack of security standards and thorough testing by manufacturers. Manufacturer-specific operating systems or firmware of various architectures and characteristics are typically included with these devices. However, due to a lack of security testing and/or late patching, the underlying firmware or operating systems are vulnerable to numerous types of vulnerabilities. Reverse engineering and in-depth research of the firmware is required to detect the vulnerabilities. In this paper, we've delved into various aspects of IoT and embedded devices. This includes a comprehensive survey on the architecture of firmware, techniques for firmware extraction, and state-of-the-art vulnerability analysis frameworks for the detection of vulnerabilities using various approaches like static, dynamic, and hybrid approaches. Furthermore, we’ve scrutinized the challenges of existing vulnerability analysis frameworks and proposed a novel framework to address these issues.

show abstract

PIT: A Probe Into Internet of Things by Comprehensive Security Analysis

Cited by 6 publications

References 15 publications

A Software Vulnerability Management Framework for the Minimization of System Attack Surface and Risk

A Software Vulnerability Management Framework for the Minimization of System Attack Surface and Risk

On the Design of IoT Security: Analysis of Software Vulnerabilities for Smart Grids

A survey on IoT & embedded device firmware security: architecture, extraction techniques, and vulnerability analysis frameworks

Contact Info

Product

Resources

About